As methods and devices for engaging in electronic authorizations have increased, problems such as fraud continue to persist. One way to reduce fraud in an electronic authorization is to authenticate the identification device, or other portable consumer device, used in the electronic authorization.
Some systems authenticate a portable consumer device using various forms of risk analysis and other information not imprinted or stored on the portable consumer device such as dynamic card verification values (dCVVs). In one exemplary conventional system, at the front end of the transaction (e.g. where a merchant and a consumer reside), the portable consumer device can provide information associated with the portable consumer device and the consumer such as an encrypted account number or other identification information. In addition, various forms of anti-counterfeiting measures have been made to the actual consumer devices. An example of a conventional credit card is depicted in FIGS. 1A, B and C.
As shown in FIG. 1A, a conventional credit card 100 typically displays information such account number 110, account holder's name 130 and some type of anti-counterfeiting measure 120. Most current credit and debit cards are made of up of at least two layers. FIG. 1B shows a cross-section of a typical credit card stock comprising a substrate layer 150 and a top layer 140. Substrate layer 150 is usually a semi-rigid plastic that can be stamped or embossed. Top layer 140 is usually a print or decal identifying the issuer of the credit card and possibly other information. In most conventional credit cards, important information such as account number 110 and account holder name 130 are embossed by an embosser 160 and then painted at the apex of the embossed regions 170 to increase legibility as shown in FIG. 1C. Embossing such information serves multiple purposes: 1) embossed information is more durable than simple printing, 2) provided a means for quickly copying such information by taking an imprint of the card and 3) embossed information is more difficult to reproduce or alter and as such was a first attempt to curb counterfeiting. In addition, credit card 100 may also have a card verification value (CVV) printed on the back of that card that is not included in any computer readable medium that might be included on the card. However, improvements to existing anti-counterfeiting technologies would be desirable.
For example, anti-counterfeiting measure 120 can be a sophisticated holographic image, a watermark, micro printed designs or text, or fluorescent details that show up under ultraviolet light. The main idea in conventional physical anti-counterfeiting technology is to include a physical characteristic on the card that is too difficult or costly to reproduce. However, counterfeiters gradually catch up to each technology in time. When the counterfeiters catch up to a particular anti-counterfeiting measure, that measure becomes obsolete. Because there is only so much that conventional anti-counterfeiting technologies can protect before they are overcome, these types of physical security measures are used in conjunction with various front end and back end encryption and computer security techniques.
Using various algorithms and encryption keys, the information provided to an authentication system is protected in an encrypted form as it is transmitted from the front end of the transaction to a back end computer system. The information sent can only be unencrypted by the back end computer system when the proper encryption key is used. Due to the critical role the encryption key plays, maintaining the secrecy of the encryption keys is of utmost importance in such systems.
In addition, some conventional authentication systems require a user to enter a PIN known only to the user to authenticate the user and the portable consumer device. This provides a level of security that helps ensure that the user presenting the portable consumer device is the authorized user of that particular device. The assumption here is that the PIN will only be known by the user and will not be revealed to or discovered by someone wishing to commit fraud.
Despite the best efforts of users and issuers of portable consumer devices, account numbers, personal identifiers, PINs and encryptions keys can be stolen or discovered and then used by unauthorized parties to replicate portable consumer devices so as to defraud authentication systems. Since data can be hacked and stolen and the sophistication of unauthorized users and counterfeiters continues to increase, it is currently possible to make fraudulent cards that can be used for in-person transactions once key information is known. The fraudulent portable consumer device will appear to be an authentic device since it will have all the correct information and characteristics. An unauthorized user may have even discovered the PIN or other access code to provide when presenting the device for authentication.
It is clear that what is needed is a system, method, and device to prevent unauthorized users from creating and using fraudulent versions of portable consumer devices. Embodiments of the disclosed invention address the above problems, and other problems, individually and collectively.